RSA Conference 2017 – Four Trends to Watch in Network Security

Posted by Frank Andrus on February 6th, 2017

We’re looking forward to participating at RSA Conference 2017 in San Francisco. The event will bring together leading cyber-security experts to discuss trends and strategies that can help you stay ahead of cyber threats. One of the key trends in improving your organization’s security posture is having a centralized source of complete and actionable information, such as a Security Automation & Orchestration (SA&O) solution. The best SA&O solutions help you address these four critical areas to create a strong security posture:

1) Visibility. The foundation of a strong security posture is complete endpoint visibility. You cannot secure endpoints if you cannot see every device and its actions. According to the Ponemon Institute’s 2016 State of the Endpoint Report, 60% of respondents stated that it has become harder to manage endpoint risk in the last 24 months. Your organization needs complete network visibility. To achieve this, you need to profile every endpoint and device on your network, as well as track and monitor all activity. According to Gartner, “more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.” As the number of BYOD and IoT devices connecting to networks continues to expand, it is critical to profile and protect each endpoint. Once you have this visibility, you can see the complete topology for your network, enabling you to identify threats and decrease time-to-remediation.

2) Integration. One of the biggest challenges in today’s security environment is integrating multiple sources of security threat information and distilling it into actionable data. It’s one thing to have devices and tools that, in theory, can easily communicate and share data. In reality, many security solutions do not integrate well with other solutions, and single-source network security solutions frequently provide you with strong security in some areas, but inferior solutions in others. With threats evolving at an alarming rate, you need an SA&O solution that works seamlessly with other best-of-breed security solutions to create a strong security posture. If you integrate the wrong solutions, you’ll be buried in logs from siloed applications and devices, potentially spending weeks sifting through logs to manually find contextual information. The latest solutions collect and prioritize the aggregate data into a simplified dashboard to help you quickly identify the trends, key data points and root cause hidden in security logs. In addition, your solutions should give you the ability to map and filter data over time, so you can identify outliers and major security trends.

3) Automation. The ability to automate threat identification and response is critical for a strong security posture. With most networks receiving tens of thousands of alerts per day, it is impossible to keep up with the volume of alerts without automation. Security automation has evolved dramatically over the last year. Security automation not only triages alerts to separate serious incidents from noise, but also bridges the SOC/NOC gap, providing real-time automated response to suspicious activities. Automated threat response reduces manual intervention for security events, ticketing system integration and endpoint containment. It can reduce containment time from days to seconds and deliver dramatic increases in security operations productivity and effectiveness. The best solutions analyze potential vulnerabilities and can accelerate incident response to achieve in seconds what may normally take hours, aggregating the data and context, and alerting analysts to quickly resolve any issues. Ensure your SA&O solution triages events, prioritizes threats by score, and then delivers the incidents with context, so you can speed your time-to-resolution and reduce an attacker’s expensive and dangerous dwell time in your network.

4) Analytics. Recording and retaining information is important for any organization. It assists with real-time identification and provides a historic record for forensic review. All organizations need a strong analytics solution to triage current issues, provide appropriate context for remediation, and retain data to help find the moment of compromise if an attacker is dwelling in your network. For organizations with compliance requirements, full context analytics is imperative to meet compliance for HIPAA, SEC/SOX, PCI DSS, as well as other industry regulations. Look for a solution that enables you to restrict access to information by role or individual, and then automatically enforces policies. It should also provide complete data capture so you have proof of compliance. With regulatory fines that can reach into the millions of dollars, ensuring that you have a best-of-breed SA&O solution can save your organization from the financial and reputation damage that accompanies a major security breach.

The bottom line

Many organizations understand the inherent need for more robust security in light of the ever-increasing sophistication and volume of cyberattacks. With cybersecurity spending expected to top $1 trillion by 2021, showing the dollar value of preventative security measures, instead of just the punitive cost of a data breach, can make all the difference in justifying budget and resourcing.

As attackers become more relentless and more sophisticated, it’s crucial that your security solutions evolve as well. The RSA Conference 2017 will present solutions that can help your organization combat today’s cyber security threats.

Bradford Networks will be at RSA Conference 2017 showcasing a major new release that can help you meet these four key security challenges. Visit us at booth S337.